X as nfs-server

gumse

Member
When i try to mount a X volume from a Linux box i get:
mount: RPC: Program not registered

The same when i try showmount in OS-X:
RPC: Program not registered: Can't do Mountdump rpc

I have a /etc/exports file .
What more do i have to start on the OS-X machine ?
 
Ah the joys of NetInfo... ;-)

The /etc/exports isn't used in X. Instead it stores that information in a binary database called NetInfo. You use the NetInfo Manager.app in /Applications/Utilities to make the changes.

Now using NetInfo Manager is not for the faint of heart; it isn't very well documented and the metaphor takes some getting used. Basically it is laid out like a file system, with folders. These folders have properties/value pairs attached.

So, for exports:

1. Create a directory at the / level (it should appear alongside /machines, /users, etc.). Do this from Directory->New Subdirectory.

2. Select the new directory. You'll notice in the bottom pane that there is a Property of "name" with a value of "new_directory" . This defines what the value of the property "name" is. Double-click on "new_directory" to change it to "exports". Choose Save to update it.

3. Select the /exports folder and add a subdirectory under it.

4. Follow the same procedure from step 2 to change the name property to match the path of the exported directory (i.e. "/Users/Shared").

5. Now to define options for the export choose the "name" value of your export and choose Directory->New Property. This adds a "new_property" to the export.

6. Double click "new_property" and change the name to "opts". This (obviously) is where you'll define the specific export options you want.

7. Next you'll add the option values for your export. Select the "opts" property and choose Directory->New Value. This adds a value "new_value" in the right column across from "opts".

NOTE: Properties can have multiple values, as you'll see. They're like a stack or an array attached to a single property.

8. Double-click on "new_value" and change it to the option you want WITHOUT THE LEADING DASH. This is the same as exporting in /etc/export; however, mountd will add the '-' where necessary.

i.e. "opts" | "mapall=nobody"

9. To add another option, make sure you have the first option selected (in my example "mapall" and choose Directory->Append Value. Add as many as you need.

10. SAVE!!!

11. Ok, once you have your export defined you'll have to either reboot or drop to the command line and "sudo mountd" to launch the mount daemon. Check in /var/log/system.log to check for errors. "showmount -e" will let you know if you have any active exports.

There you go! Simple eh? ;-)

A simpler way is to go to http://www.versiontracker.com and download NFS Manager.app. It provides a GUI for doing this, but it always helps to know what's going on.
 
Now, the next question - how do you get computer A to export its /Users directory, and computer B to mount that share over top of its /Users directory, at boot up, without being told every time? Of course, then A and B would also have to have the same user accounts, so that changing your password on one would have the same effect on the other.

We don't want to have to go through the nonsense of "Oh blast, I saved that on the other computer, and Mom is using it now" do we, this is the brave new world of OS X!

I guess what it all comes down to is, how well documented is Netinfo, and how intuitive does Apple manage to make it?
 
2 part response:

1. gumse - no problem, glad I could help.

2. scruffy - you asked for it ;-)

What you want is to create a two-level NetInfo domain.

Basically, NetInfo allows you to divide management of your resources into hierarchical groups called domains. You can use these domains to centralize your user accounts as well as the mounts your workstation should use at startup.

Every computer that runs NetInfo (and that is EVERY MacOS X system) has a local domain called 'local'. This domain stores all the settings for the local workstation (hint,hint...local == local). So, the steps I outlined for gumse modifies the local domain on his workstation.

What you want to do is to create a domain above that where multiple MacOS X computer can look to for user information and mounts. This isn't hard to do, it just takes some time to wrap your head around the concepts.

Now domains are laid out in a hierarchy, just like a file system. So, just as a file system has a root volume (/), so does a NetInfo domain. You can think of your MacOS X worktation as a folder in the file heirarchy (but one that doesn't have anything else underneath it). In its 'folder' is the local domain where it keeps local settings that affect only that workstation. In a 2-level domain there is also a 'root' domain where the worktation gathers other information (such as users and mounts).

Here's an example:

root : 'network' domain
|
|---->gumse
|----> scruffy : 'local' domains

In this diagram both workstations (scruffy & gumse) have local domains that they use themselves. root signifies the root domain where both system can also gather shared information. [NOTE: By default NetInfo names this domain 'network'. That's what you'll use since changing it is a pain.]

I'm not going to go into much more detail (unless people want me to) about the ins & outs of the process NetInfo uses to determine where it gathers what information. You can find some information in Apple's TIL articles (http://til.info.apple.com).

How to create a two level domain:

1. Decide which computer is going to house the 'network' domain. It doesn't really matter which computer you choose; however, it must be up and available to any workstation that needs to access its data.

2. Log in as root (or your admin account, whichever you prefer) and startup /Applications/Utilities/NetInfo Manager.app.

3. Authenticate yourself (click the lock in the lower left).

4. Choose the menu item Domains->Manage Domains->Hierarchy

5. Choose "Create a new master server on this host" & hit Configure.

6. Your call on the next option - will you need to administer it remotely or just on your local lan.

7. Hit Create

8. You'll have to reboot your computer (you have to so your workstation can 'bind' with the new domain).

At this point you've created a new domain called "network". Now the real fun begins because I have to mention binding.

Ok, wait. At this point I realize this is getting really long winded on my part and may be much more than you want/need to know to get the job done. To finish up:

After you reboot start adding entries for your users and workstations into the 'network' NetInfo database:

1. Open NetInfo Manager and authenticate.

2. On the button bar the globe with an arrow should be available - select it. This opens the 'network' database for editing.

3. Start adding users in the /users directory (same principal as adding exports - here is a brief list of possible properties to add to your entires:

realname, expire, name, uid, passwd, home, change, shell, gid

there are others, but these will get you going.

4. Add all your exports - if you want your users' home directories on a network server, make sure you export it first.

5. SAVE

6. Add some basic workstation information into the /machines directory for all the workstations that will use this domain:

ip_address, name, serves, en_address

NOTE: serves takes some explaining, but for now set it to hostname/local for each workstaiton (where hostname is the DNS hostname of that computer).

7. At the workstation open up /Applications/Utilities/Directory Setup.app and make sure NetInfo has a check mark by it on the Services tab.

8. Reboot the workstation. At this point you should be able to log in with the user account you created in step 3.

That's it. You should be good to go. I'm sorry this is really (REALLY) long, but there is a log of pieces to touch to make this happen and it helps to understand what's going on. If you want me to continue and explain what goes on in the whole process I will, just let me know.

 
This is actually a three part question - and only the first part is related to this topic ... but anyway ...

1. How can I get Linux to bind to a NetInfo domain for authentication?

and somewhat related to that question ...
2. Can I get a Windows domain to bind to NetInfo

3. in MacOS X, I saw a setting in the Login System Preference applet that specified which authentication scheme to use - it was Kerberos. I assume that this allows you to add/remove/change authentication schemes for the system. Are there any other ones available right now? For example, could I use something that binds to a Windows NT Domain?. OK. Maybe not ... but how about LDAP? NetWare Directory Server? Microsoft Active Directory? NIS?
 
vihung-

1. How can I get Linux to bind to a NetInfo domain for authentication?

A. You don't. NetInfo is currently a MacOS X-only technology; however, I do remember PADL (www.padl.com) was working on a port for Linux. Check them out and see how far along they are.

and somewhat related to that question ...

2. Can I get a Windows domain to bind to NetInfo

A. Nope. I don't know of anyone working on a NetInfo port.

Now, in a larger context, you really don't want to do this. (I know, I know - you just said you did, but trust me, you don't). I don't think Apple has any illusions about NetInfo taking the world by storm (let alone the enterprise), and I doubt you'll see it hyped very much as a cross-platform directory service solution.

Instead, MacOS X is designed to play nice with others (NIS, LDAP, etc.).

3. in MacOS X, I saw a setting in the Login System Preference applet that specified which authentication scheme to use - it was Kerberos. I assume that this allows you to add/remove/change authentication schemes for the system. Are there any other ones available right now? For example, could I use something that binds to a Windows NT Domain?. OK. Maybe not ... but how about LDAP? NetWare Directory Server? Microsoft Active Directory? NIS?

A. Hmmm...I don't think MacOS X does Kerberos out of the box. I think I heard MIT was working on that, but I can't find it right now. It shouldn't be that difficult (relatively speaking) to add in security modules for whatever directory service you have. Currently MacOS X comes with NetInfo and LDAP (v2) support. So, you can potentially hook up to an Active Directory or NDS or any directory service that supports LDAP (haven't done it myself, yet, but it's on the list).

As for NIS, it's there in the box. Check out http://www.bresink.de/osx/nis.html for more info on getting MacOS X into NIS environments.

I hope that helps!
 
Go to System Preferences
Login
Login Window
Custom Authenticator
Select
you see Kerberos.bundle in the file dialog. It is grayed out ... but it is there! The file dialog points to the /System/Library/Authenticators/ directory
 
Originally posted by henrys
2 part response:

1. gumse - no problem, glad I could help.

2. scruffy - you asked for it ;-)

What you want is to create a two-level NetInfo domain.

Basically, NetInfo allows you to divide management of your resources into hierarchical groups called domains. You can use these domains to centralize your user accounts as well as the mounts your workstation should use at startup.

Every computer that runs NetInfo (and that is EVERY MacOS X system) has a local domain called 'local'. This domain stores all the settings for the local workstation (hint,hint...local == local). So, the steps I outlined for gumse modifies the local domain on his workstation.

What you want to do is to create a domain above that where multiple MacOS X computer can look to for user information and mounts. This isn't hard to do, it just takes some time to wrap your head around the concepts.

[ snip ]

That's it. You should be good to go. I'm sorry this is really (REALLY) long, but there is a log of pieces to touch to make this happen and it helps to understand what's going on. If you want me to continue and explain what goes on in the whole process I will, just let me know.


I'd very much like to hear more details, Henry.

I have a question though - Say I set up a 2 level netinfo network as you described in your post, but I have a laptop as well. How do I configure netinfo so that I can log in to the laptop when I'm away, and still be able to log in the the lan if the laptop is at work or just powered off?

Thanks,

jpb
 
jpb:

>>I'd very much like to hear more details, Henry.<<

Ok, I'll have to whip something up to post or a link to a website (it'll get long). Unfortunately, that may take some time since NorthPoint was my DSL provider 8-(. Give me some time and I'll provide a link.

>>I have a question though - Say I set up a 2 level netinfo network as you described in your post, but I have a laptop as well. How do I configure netinfo so that I can log in to the laptop when I'm away, and still be able to log in the the lan if the laptop is at work or just powered off?<<

Well, you don't - not with the same account. Unfortunately NetInfo wasn't designed with mobile users in mind, so it doesn't really cover this. Now what I do is create a local user with the same attributes as my NetInfo account (name, id, etc.) except it uses a home directory on my laptop.

As I'll explain, NetInfo looks in the local domain first when you attempt anything (say logon). If it finds the data there, that's what it uses. So if you create a user account in your local domain (via the Users applet), then you'll always be able to log in with that account. This is independent of any changes you make in the higher level domains - if you change attributes or passwords there, you'll need to replicate that on your laptop. The good thing is it's possible to create scripts that do this for you.

NetInfo is great, but this is one area it currently can't handle very well, and probably never will. As Microsoft found out with NT, roaming profiles and mobile users is a pain to maintain.

I hope that helps. I'll post to the list when I've got my site together.
 
"3. in MacOS X, I saw a setting in the Login System Preference applet that specified which authentication scheme to use - it was Kerberos. I assume that this allows you to add/remove/change authentication schemes for the system. Are there any other ones available right now? For example, could I use something that binds to a Windows NT Domain?. OK. Maybe not ... but how about LDAP? NetWare Directory Server? Microsoft Active Directory? NIS? "



If you use NIS, then you can set up a Windows 2000 Server to act as a Gateway. Just get the Services for UNIX CD from Microsoft (I thinks it costs $45) and have it act as a NFS gateway for all Windows users. In fact you can administer NIS from Windows 2000 or even host the NIS. The Windows 2000 can map their Active Directory to NIS. This allows just about any type of Windows users onto your network without the hassles of adding or purchasing extra services for Windows computers while using a central NFS store for both LINUX/UNIX/BSD/Mac OS X users and Windows users. Heck if you can afford the 800 MByte download Solaris is even free and you can add that to your network as well.
 
Not a real elegant solution, but you can always export your home directory from the network share point to your laptop and then map a local user to use that as a home directory.

Macintosh Manager, which you get with OSX Server allows you to do this very painlessly, and then will resynch the home folder when you plug back into the network so you still can have a roaming desktop across other machines on the network with the new stuff you created when you were off-line as it were.
 
Back
Top